Refactor profile picture upload path handling to ensure correct directory structure and improve logging

upload.php

@@ -32,7 +32,7 @@ $fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE;
 if ($fileError !== UPLOAD_ERR_OK)
 {
     error_log('Upload: PHP upload error code=' . $fileError);
-    header('Location: account.php?upload=err');
+    header('Location: account.php?upload=err&code=php_' . $fileError);
     exit();
 }
 
@@ -40,7 +40,8 @@ if ($fileError !== UPLOAD_ERR_OK)
 $tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : '';
 if ($tmp === '' || !is_uploaded_file($tmp))
 {
-    header('Location: account.php?upload=err');
+    error_log('Upload: tmp missing or not uploaded. tmp=' . $tmp);
+    header('Location: account.php?upload=err&code=tmp');
     exit();
 }
 
@@ -55,49 +56,29 @@ $mime = $finfo->file($tmp);
 
 if (!$mime || !isset($allowedMimeToExt[$mime]))
 {
-    header('Location: account.php?upload=err');
+    error_log('Upload: invalid mime=' . (string)$mime);
+    header('Location: account.php?upload=err&code=mime');
     exit();
 }
 
 $ext = $allowedMimeToExt[$mime];
 
-// Wichtig: Auf Linux ist ein Pfad mit führendem "/" ein Pfad ab Dateisystem-Root.
-// Für move_uploaded_file() brauchen wir einen Dateisystempfad; die Public-URL ist separat.
+// Zielordner IM Projekt (Webroot): assets/images/profilePictures
+// Damit vermeiden wir alle DOCUMENT_ROOT/Alias/VHost Probleme.
+$targetDir = rtrim(__DIR__, "\\/") . '/assets/images/profilePictures';
+
+// Diagnose (landet im PHP/Apache Error-Log)
 $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : '';
-$webRoot = rtrim($documentRoot, "\\/");
-
-$relativeTargetDir = '/assets/images/profilePictures';
-
-// Robust: __DIR__ ist der Ordner, in dem upload.php liegt (bei dir: WEBROOT).
-// DOCUMENT_ROOT kann auf manchen Setups leer oder z.B. nur '/' sein; dann würde in '/assets/...' geschrieben.
-$dirBasedRoot = rtrim(__DIR__, "\\/");
-
-define('UPLOAD_DEBUG', true);
-
-$candidateFromDocRoot = ($webRoot !== '' && $webRoot !== '/') ? ($webRoot . $relativeTargetDir) : '';
-$candidateFromDir = $dirBasedRoot . $relativeTargetDir;
-
-// Bevorzugt __DIR__; nur wenn DOCUMENT_ROOT plausibel ist und der DIR-Fallback nicht existiert, nutzen wir DOCUMENT_ROOT.
-$targetDir = $candidateFromDir;
-if ($candidateFromDocRoot !== '' && !is_dir($candidateFromDir) && is_dir($candidateFromDocRoot))
-{
-    $targetDir = $candidateFromDocRoot;
-}
-
-if (UPLOAD_DEBUG)
-{
-    error_log('Upload: DOCUMENT_ROOT=' . $documentRoot);
-    error_log('Upload: __DIR__=' . __DIR__);
-    error_log('Upload: targetDir=' . $targetDir);
-}
+error_log('Upload: DOCUMENT_ROOT=' . $documentRoot . ' __DIR__=' . __DIR__ . ' targetDir=' . $targetDir);
 
 if (!is_dir($targetDir))
 {
     $mkOk = @mkdir($targetDir, 0755, true);
     if (!$mkOk)
     {
-        error_log('Upload: mkdir failed for ' . $targetDir);
-        header('Location: account.php?upload=err');
+        $lastErr = error_get_last();
+        error_log('Upload: mkdir failed for ' . $targetDir . ' - ' . (is_array($lastErr) && isset($lastErr['message']) ? $lastErr['message'] : 'unknown'));
+        header('Location: account.php?upload=err&code=mkdir');
         exit();
     }
 }
@@ -105,7 +86,7 @@ if (!is_dir($targetDir))
 if (!is_writable($targetDir))
 {
     error_log('Upload: targetDir not writable: ' . $targetDir);
-    header('Location: account.php?upload=err');
+    header('Location: account.php?upload=err&code=perm');
     exit();
 }
 
@@ -121,7 +102,7 @@ if (!move_uploaded_file($tmp, $targetPath))
     $lastErr = error_get_last();
     $lastErrMsg = (is_array($lastErr) && isset($lastErr['message'])) ? (string)$lastErr['message'] : 'unknown';
     error_log('Upload: move_uploaded_file failed to ' . $targetPath . ' - ' . $lastErrMsg);
-    header('Location: account.php?upload=err');
+    header('Location: account.php?upload=err&code=move');
     exit();
 }